Date: Mon, 30 Mar 2009 11:47:53 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Re: Security ERRATA Moderate: NetworkManager on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
In-Reply-To: <49CD21A2.8040204@fnal.gov>

And the dbus update required an updated selinux-policy for SL 50, 51 and 52.
We apologize for any problems this oversight might have caused.
We have updated the list of packages that get updated, even if they are not security updates, to include selinux-policy. That list is on the final bullet, on the final question of the errata-faq.

Dependencies:
SL 5.0, 5.1, 5.2
  i386:
    selinux-policy-2.4.6-203.el5.noarch.rpm
    selinux-policy-devel-2.4.6-203.el5.noarch.rpm
    selinux-policy-mls-2.4.6-203.el5.noarch.rpm
    selinux-policy-strict-2.4.6-203.el5.noarch.rpm
    selinux-policy-targeted-2.4.6-203.el5.noarch.rpm
  x86_64:
    selinux-policy-2.4.6-203.el5.noarch.rpm
    selinux-policy-devel-2.4.6-203.el5.noarch.rpm
    selinux-policy-mls-2.4.6-203.el5.noarch.rpm
    selinux-policy-strict-2.4.6-203.el5.noarch.rpm
    selinux-policy-targeted-2.4.6-203.el5.noarch.rpm

Troy Dawson

Troy J Dawson wrote:
> This security update required an updated dbus for SL 50, 51, and 52.
>
> Dependencies:
> SL 5.x
>   i386:
>     dbus-1.1.2-12.el5.i386.rpm
>     dbus-devel-1.1.2-12.el5.i386.rpm
>     dbus-glib-0.73-8.el5.i386.rpm
>     dbus-glib-devel-0.73-8.el5.i386.rpm
>     dbus-libs-1.1.2-12.el5.i386.rpm
>     dbus-python-0.70-7.el5.i386.rpm
>     dbus-x11-1.1.2-12.el5.i386.rpm
>   x86_64:
>     dbus-1.1.2-12.el5.i386.rpm
>     dbus-1.1.2-12.el5.x86_64.rpm
>     dbus-devel-1.1.2-12.el5.i386.rpm
>     dbus-devel-1.1.2-12.el5.x86_64.rpm
>     dbus-glib-0.73-8.el5.i386.rpm
>     dbus-glib-0.73-8.el5.x86_64.rpm
>     dbus-glib-devel-0.73-8.el5.i386.rpm
>     dbus-glib-devel-0.73-8.el5.x86_64.rpm
>     dbus-libs-1.1.2-12.el5.i386.rpm
>     dbus-libs-1.1.2-12.el5.x86_64.rpm
>     dbus-python-0.70-7.el5.x86_64.rpm
>     dbus-x11-1.1.2-12.el5.x86_64.rpm
>
> Troy Dawson
>
> Troy J Dawson wrote:
>> Synopsis: Moderate: NetworkManager security update
>> Issue date: 2009-03-25
>> CVE Names: CVE-2009-0365 CVE-2009-0578
>>
>> An information disclosure flaw was found in NetworkManager's D-Bus
>> interface. A local attacker could leverage this flaw to discover
>> sensitive information, such as network connection passwords and
>> pre-shared keys. (CVE-2009-0365)
>>
>> A potential denial of service flaw was found in NetworkManager's D-Bus
>> interface. A local user could leverage this flaw to modify local
>> connection settings, preventing the system's network connection from
>> functioning properly.
>> (CVE-2009-0578)
>>
>> SL 4.x
>>
>>   SRPMS:
>>     NetworkManager-0.3.1-5.el4.src.rpm
>>   i386:
>>     NetworkManager-0.3.1-5.el4.i386.rpm
>>     NetworkManager-gnome-0.3.1-5.el4.i386.rpm
>>   x86_64:
>>     NetworkManager-0.3.1-5.el4.x86_64.rpm
>>     NetworkManager-gnome-0.3.1-5.el4.x86_64.rpm
>>
>> SL 5.x
>>
>>   SRPMS:
>>     NetworkManager-0.7.0-4.el5_3.src.rpm
>>   i386:
>>     NetworkManager-0.7.0-4.el5_3.i386.rpm
>>     NetworkManager-devel-0.7.0-4.el5_3.i386.rpm
>>     NetworkManager-glib-0.7.0-4.el5_3.i386.rpm
>>     NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm
>>     NetworkManager-gnome-0.7.0-4.el5_3.i386.rpm
>>   x86_64:
>>     NetworkManager-0.7.0-4.el5_3.i386.rpm
>>     NetworkManager-0.7.0-4.el5_3.x86_64.rpm
>>     NetworkManager-devel-0.7.0-4.el5_3.i386.rpm
>>     NetworkManager-devel-0.7.0-4.el5_3.x86_64.rpm
>>     NetworkManager-glib-0.7.0-4.el5_3.i386.rpm
>>     NetworkManager-glib-0.7.0-4.el5_3.x86_64.rpm
>>     NetworkManager-glib-devel-0.7.0-4.el5_3.i386.rpm
>>     NetworkManager-glib-devel-0.7.0-4.el5_3.x86_64.rpm
>>     NetworkManager-gnome-0.7.0-4.el5_3.x86_64.rpm
>>
>> -Connie Sieh
>> -Troy Dawson
>>

--
__________________________________________________
Troy Dawson dawson@fnal.gov (630)840-6468
Fermilab ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________

Date: Mon, 30 Mar 2009 16:32:23 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Critical: seamonkey on SL3.x, SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis: Critical: seamonkey security update
Issue date: 2009-03-27
CVE Names: CVE-2009-1044 CVE-2009-1169

A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169)

A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events.
A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044)

After installing the update, SeaMonkey must be restarted for the changes to take effect.

SL 3.0.x

  SRPMS:
    seamonkey-1.0.9-0.32.el2.src.rpm
  i386:
    seamonkey-1.0.9-0.36.el3.i386.rpm
    seamonkey-chat-1.0.9-0.36.el3.i386.rpm
    seamonkey-devel-1.0.9-0.36.el3.i386.rpm
    seamonkey-dom-inspector-1.0.9-0.36.el3.i386.rpm
    seamonkey-js-debugger-1.0.9-0.36.el3.i386.rpm
    seamonkey-mail-1.0.9-0.36.el3.i386.rpm
    seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
    seamonkey-nspr-devel-1.0.9-0.36.el3.i386.rpm
    seamonkey-nss-1.0.9-0.36.el3.i386.rpm
    seamonkey-nss-devel-1.0.9-0.36.el3.i386.rpm
  x86_64:
    seamonkey-1.0.9-0.36.el3.i386.rpm
    seamonkey-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-chat-1.0.9-0.36.el3.i386.rpm
    seamonkey-chat-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-devel-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-dom-inspector-1.0.9-0.36.el3.i386.rpm
    seamonkey-dom-inspector-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-js-debugger-1.0.9-0.36.el3.i386.rpm
    seamonkey-js-debugger-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-mail-1.0.9-0.36.el3.i386.rpm
    seamonkey-mail-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-nspr-1.0.9-0.36.el3.i386.rpm
    seamonkey-nspr-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-nspr-devel-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-nss-1.0.9-0.36.el3.i386.rpm
    seamonkey-nss-1.0.9-0.36.el3.x86_64.rpm
    seamonkey-nss-devel-1.0.9-0.36.el3.x86_64.rpm

SL 4.x

  SRPMS:
    seamonkey-1.0.9-40.el4.src.rpm
  i386:
    seamonkey-1.0.9-40.el4.i386.rpm
    seamonkey-chat-1.0.9-40.el4.i386.rpm
    seamonkey-devel-1.0.9-40.el4.i386.rpm
    seamonkey-dom-inspector-1.0.9-40.el4.i386.rpm
    seamonkey-js-debugger-1.0.9-40.el4.i386.rpm
    seamonkey-mail-1.0.9-40.el4.i386.rpm
  x86_64:
    seamonkey-1.0.9-40.el4.i386.rpm
    seamonkey-1.0.9-40.el4.x86_64.rpm
    seamonkey-chat-1.0.9-40.el4.i386.rpm
    seamonkey-chat-1.0.9-40.el4.x86_64.rpm
    seamonkey-devel-1.0.9-40.el4.x86_64.rpm
    seamonkey-dom-inspector-1.0.9-40.el4.i386.rpm
    seamonkey-dom-inspector-1.0.9-40.el4.x86_64.rpm
    seamonkey-js-debugger-1.0.9-40.el4.i386.rpm
    seamonkey-js-debugger-1.0.9-40.el4.x86_64.rpm
    seamonkey-mail-1.0.9-40.el4.i386.rpm
    seamonkey-mail-1.0.9-40.el4.x86_64.rpm

-Connie Sieh
-Troy Dawson